Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/hhqdNX1T1UWUhKH1khcE52JkGmI.cer
File:                     hhqdNX1T1UWUhKH1khcE52JkGmI.cer (raw, json)
Hash identifier:          upM1C10OeL2uRdW9341JHLIsGHKMI+NobyP2EAlpSF8=
Subject key identifier:   86:1A:9D:35:7D:53:D5:45:94:84:A1:F5:92:17:04:E7:62:64:1A:62
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC26D7134F30AA0A72FC719B3DFF2EF56
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://0.sb/repo/sb/33/861A9D357D53D5459484A1F5921704E762641A62.mft
caRepository:             rsync://0.sb/repo/sb/33/
Notify URL:               https://0.sb/rrdp/notification.xml
Certificate not before:   Mon 01 Jan 2024 00:30:01 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 84.38.247.0/24
                          IP: 2a12:e940::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:71:34:f3:0a:a0:a7:2f:c7:19:b3:df:f2:ef:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 00:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=861a9d357d53d5459484a1f5921704e762641a62
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:54:27:10:c3:87:bf:f0:a2:d1:5a:65:a1:3f:
                    ed:44:8f:a7:08:bc:cc:c6:d3:ae:c3:d9:5d:25:92:
                    13:1c:a0:5d:e9:74:4d:40:09:bc:ec:8c:38:ef:a2:
                    f6:ce:60:ec:47:ee:6e:2d:8f:31:29:5b:66:7e:e1:
                    b4:e0:2c:8c:9c:f2:fd:42:5a:27:98:cf:42:3b:80:
                    9d:90:50:46:27:57:c4:62:4c:d9:61:c2:b4:0c:74:
                    31:a3:b5:04:73:0a:54:fc:8b:3d:0c:d9:70:1e:2e:
                    cd:36:b1:18:99:80:de:e1:94:29:fc:a4:78:85:d8:
                    f5:9b:a3:b3:25:5e:15:27:7c:64:c1:84:d4:93:7a:
                    77:73:2f:0f:6d:6f:66:ec:2a:5f:ed:3f:c1:5d:fc:
                    8f:4a:b5:6c:72:fe:e8:d2:3e:5d:a8:b8:fe:93:e7:
                    0c:95:0f:12:4a:28:02:48:e2:6a:6c:88:3d:af:cb:
                    79:3f:2f:7b:5e:04:98:f2:07:e5:63:47:3e:27:28:
                    32:ea:8b:53:f6:32:2b:3c:6c:79:4c:fd:0a:20:f6:
                    d1:85:d4:a7:2a:5e:f3:c6:7d:50:ed:ba:44:06:76:
                    c1:ae:f1:9a:83:99:74:65:36:32:ec:9d:69:36:e8:
                    80:34:b4:2c:a4:9c:53:3a:43:e3:83:d9:9e:66:07:
                    23:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:1A:9D:35:7D:53:D5:45:94:84:A1:F5:92:17:04:E7:62:64:1A:62
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://0.sb/repo/sb/33/
                RPKI Manifest - URI:rsync://0.sb/repo/sb/33/861A9D357D53D5459484A1F5921704E762641A62.mft
                RPKI Notify - URI:https://0.sb/rrdp/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.38.247.0/24
                IPv6:
                  2a12:e940::/29

    Signature Algorithm: sha256WithRSAEncryption
         2d:7f:12:f3:d2:40:9c:ea:4a:8f:a5:ed:20:68:b1:94:45:18:
         20:31:c2:aa:1d:03:e4:14:dd:03:83:26:54:bf:90:61:9b:58:
         cb:48:f3:59:00:23:21:3a:62:9a:d9:d2:e4:5d:d8:db:3b:07:
         94:ea:ef:32:c5:c6:89:af:f4:10:15:10:ef:fd:70:18:46:ff:
         39:dc:52:4a:a4:91:48:d7:f7:a9:98:63:4b:0b:58:3c:d0:4c:
         5a:8a:0e:e4:84:33:a8:e0:30:e6:6b:49:ef:cd:7c:4e:ce:df:
         4a:51:7d:ff:ae:8a:7f:9e:09:43:06:01:85:96:92:5d:25:1f:
         b0:eb:a2:b5:dd:69:bb:a6:2e:0e:c4:ac:76:5d:93:99:18:e1:
         7d:2f:5a:55:43:5b:08:4f:fd:c1:5d:0e:ef:31:c8:91:2b:ac:
         a5:2b:e4:3e:94:6c:78:1b:23:a8:f7:2b:16:46:62:c6:c9:c5:
         92:a2:2e:f8:86:9b:f5:de:c8:2e:6f:7e:4a:ef:b5:eb:54:58:
         c9:6c:43:94:fb:a3:dd:67:72:7a:4f:0d:37:12:58:01:8d:db:
         f3:1a:14:b9:1e:04:d3:40:1d:ab:f1:e6:63:2d:41:44:f0:f7:
         93:5e:74:a6:15:7e:fb:eb:6a:ed:fe:fc:b0:29:80:af:60:9c:
         07:b5:be:a1
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYzCbXE08wqgpy/HGbPf8u9WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDAzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjFhOWQzNTdkNTNkNTQ1OTQ4NGExZjU5MjE3MDRlNzYyNjQxYTYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2VQnEMOHv/Ci0VploT/tRI+nCLzM
xtOuw9ldJZITHKBd6XRNQAm87Iw476L2zmDsR+5uLY8xKVtmfuG04CyMnPL9Qlon
mM9CO4CdkFBGJ1fEYkzZYcK0DHQxo7UEcwpU/Is9DNlwHi7NNrEYmYDe4ZQp/KR4
hdj1m6OzJV4VJ3xkwYTUk3p3cy8PbW9m7Cpf7T/BXfyPSrVscv7o0j5dqLj+k+cM
lQ8SSigCSOJqbIg9r8t5Py97XgSY8gflY0c+Jygy6otT9jIrPGx5TP0KIPbRhdSn
Kl7zxn1Q7bpEBnbBrvGag5l0ZTYy7J1pNuiANLQspJxTOkPjg9meZgcjOQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFIYanTV9U9VFlISh9ZIXBOdiZBpiMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwgbgGCCsGAQUFBwELBIGrMIGoMCQGCCsGAQUFBzAFhhhyc3lu
YzovLzAuc2IvcmVwby9zYi8zMy8wUAYIKwYBBQUHMAqGRHJzeW5jOi8vMC5zYi9y
ZXBvL3NiLzMzLzg2MUE5RDM1N0Q1M0Q1NDU5NDg0QTFGNTkyMTcwNEU3NjI2NDFB
NjIubWZ0MC4GCCsGAQUFBzANhiJodHRwczovLzAuc2IvcnJkcC9ub3RpZmljYXRp
b24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9y
ZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMyUUhWVjNkNW1rLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAM
BAIAATAGAwQAVCb3MA0EAgACMAcDBQMqEulAMA0GCSqGSIb3DQEBCwUAA4IBAQAt
fxLz0kCc6kqPpe0gaLGURRggMcKqHQPkFN0DgyZUv5Bhm1jLSPNZACMhOmKa2dLk
XdjbOweU6u8yxcaJr/QQFRDv/XAYRv853FJKpJFI1/epmGNLC1g80Exaig7khDOo
4DDma0nvzXxOzt9KUX3/rop/nglDBgGFlpJdJR+w66K13Wm7pi4OxKx2XZOZGOF9
L1pVQ1sIT/3BXQ7vMciRK6ylK+Q+lGx4GyOo9ysWRmLGycWSoi74hpv13sgub35K
77XrVFjJbEOU+6PdZ3J6Tw03ElgBjdvzGhS5HgTTQB2r8eZjLUFE8PeTXnSmFX77
62rt/vywKYCvYJwHtb6h
-----END CERTIFICATE-----